50 Comments
- ChrisLim, on 10/12/2007, -0/+3
No IT Department will approve this. It's just not convenient. I just can't wait for the calls.
User: Help, I forgot my password.
IT tech: What was it before?
User: "Double Squiggly line", "funny icon with blue ovals over yellow concentric DNA helixes", "Rabbit icon with green uneven squares"
IT tech: Ok, I've reset it to "Three orange dots", "The Firefox Logo", "The Firefox Logo", "The 'Say No' to Microsoft Logo", "The FingerPrint Icon" and "The Purple Hand Icon"
User: The Left "Purple Hand Icon" or the right "Purple Hand Icon"
IT Tech: Sorry, Left
User: Thanks!
IT Tech: No Problem. Don't forget it will make you reset your password after that, you'll need a 5 icon password in accordance with the new policy.
User: Ok, no problem. I was going to make it 7 long anyways.....
- dkarlson, on 10/12/2007, -0/+2
I guess I didn't read the article well enough.
Question -- outside of the obvious differences (traditional vs. graphical passwords), will this actually encourage users to have more secure passwords? Or will folks still be lazy and choose not to remember a different graphical sequence?
Personally, my favorite traditional password method is to make an acronym out of a song. The song is easy to remember, and the resulting password is darn near impossible to break using a dictionary attack or just plain old guessing. For example "Row row row your boat, gently down the stream" could be Rrrybgdts, or r3ybgdts, or any combination of that using caps. Effective, simple to remember, etc.
- CorpT, on 10/12/2007, -0/+2
Users will by its very nature have more secure passwords. For one, how do you dictionary attack it? Two, how would you brute force it? With moving icons that are pRandomly generated it would be extremely difficult to brute force it. I suppose not impossible, but certainly a magnitude harder than current passwords.
I still don't think you're getting how it works.
1) You choose a set of icons.
2) It displays a lot of icons including 3 of your icons. They move. Some leave, some enter.
3) You click in the convex hull (see page, it makes sense).
4) Repeat the process a number of times you specify.
You can't shoulder surf that. You can't dictionary crack that. You can't brute force that. What's left?
There are problems. It's clunky and cumbersome right now, but that's mostly because we're not used to it. Give it time and it will be more streamlined.
- dasbell, on 10/12/2007, -0/+1
Here: http://clam.rutgers.edu/~lsobrado/graphicalpassword/help/help.html
Scroll down to the section: Practicing your password to get the gist
Kind of interesting...
- silent1, on 10/12/2007, -1/+2
I fail to see how this is any better a solution than typing in actual passWORDS. Someone already mentioned it's slower (ie, less efficient) and I'll add that it's utterly worthless for use in a terminal (so in many cases, you'd have to have two passwords anyway - graphical and text).
Second, this will *not* be useful in encryption. Three 'symbols' aren't enough for a secure password. Twenty graphics will be harder to remember than twenty characters, for example. Imagine strong encryption passwords - many, many symbols. For encryption, this is worthless.
It's an interesting concept to be sure, but entirely impractical.
- trinder, on 10/12/2007, -0/+1
Read the article and try the demo and you will see how secure it is. It's a great idea for systems needing solid security. I could care less who was watching over my shoulder, they'd never figure out my "password".
I'll sum it for you: Choose 6 (or more) icons out of a large group and memorize them. The password screen comes up with lots of random images and a random three of your six "memorized" images. Find the triangle formed by your three images and click somewhere inside that triangle (not on any of your images). The images shuffle again, including possibly your chosen images (it chooses another random 3 out of your 6). Find the next triangle and click inside it again. It's quite secure.
- PlancksCnst, on 10/12/2007, -0/+1
@DJNewStyle:
It is incredibly easy to steal a fingerprint; this is not the best way. Maybe some other biometric, but not a fingerprint.
- flintmich, on 10/12/2007, -0/+1
This is very cool, would be great in a public environment (like a classroom). We used to grab people's passwords as they typed 'em in with rlogin back in the day. With this, that'd be impossible. It's like a big game of Classic Concentration. I tested and no one could figure out what the hell I was doing to get through even though they were looking at what I was doing. I used three pass icons and two iterations. Even if you knew the convex shape (remember Qix?) I can do this so fast people can't see what I was doing.
Humans are more picture minded anyway.
If this were on the desktop of Windows/MacOS and you had to click through to get logged in, instead of CTRL ALT DEL and the password that is stuck on the Post It note, it might be a better security system. Time will tell.
- CorpT, on 10/12/2007, -0/+1
@dlogic
RTFA. Or at least the comments above already debunking your dumb ass.
- BurninatorX, on 10/12/2007, -0/+1
Maybe this is what those Egyptian hieroglyphics were. We've been thinking that it was some sort of writing system when really it's just a giant Graphical Password screen. =O
- djdole, on 10/12/2007, -0/+1
@silent1 : "it's slower (ie, less efficient)"
Slower does not always equate to being less efficient, especially in terms of security.
The only reason many encryption standards today are 'secure' today is because their ciphers are so complex that the time it takes to break them makes it impractical to even try. (By the time the encryption is broken, the data is out of date and/or worthless).
In this situation, if it takes a person longer to enter their password (merely a slight inconvenience) then that delay will be exaggerated by brute-force attempts.
That by itself would be enough to dissuade many would-be attackers from trying.
So I’d say that using graphical passwords in a security sensitive environment would be quite practical.
For John Q. HomeUser though, no. Not really worth it seeing as few people would care how many times she/he(?) plays Gwen Stefani's 'Hollaback Girl', (the average computer user has little data on their computer worth stealing).
- mcletter, on 10/12/2007, -0/+0
Seems really kool, maybe the future of passwords? I guess we will see.
Only downside I can see is that it takes longer to enter a password, but security wise, it makes sense that it's more secure than a text password. :) I'll definitely check it out when I get home today.
- adml_shake, on 10/12/2007, -0/+0
Digg, that's pretty slick. I could use something like this at work.
- xodex, on 10/12/2007, -0/+0
Great idea, but like drarison said..... Public view... too risky :o
- MrMysterious, on 10/12/2007, -0/+0
dkarlson, read the article, you don't actually click your pictures:
"To accurately simulate a graphical password system, you must not reveal the pass-icons to any potential observer. In fact, you should not as much as point or click to a pass icon in a way that would reveal to an observer that you're identifying a pass-icon. Doing so completely defeats the purpose of the system. Once you have clicked anywhere inside the convex hull, the system will re-arrange the icons. You should set the icon speed low enough so that you can track some of the pass-icons as they move. This will make it easier to find them on the next screen. If a pass icon leaves the screen, a new one will replace it."
- dapsycho, on 10/12/2007, -0/+0
interesting but one hell of a complicated way for a password...
- CorpT, on 10/12/2007, -0/+0
Read the whole thing. Public view really isn't an issue. Now with moving icons and 10 challenges. Shoulder surfing would be way easier because even if someone does watch you click on screen, they have no idea what 3 icons formed the convex hull. With typed passwords you type the same letters in every single time. It's easy to piece together a password that way. Not so with this.
The only downside I can see is retraining your brain to remember a set of icons instead of a text password.
- Rounin, on 10/12/2007, -0/+0
Pretty cool, but what about the visually-challenged? I think I'll just stick to my laptop's built-in fingerprint recognition.
- 000jr000, on 10/12/2007, -0/+0
"I could use something like this at work."
Oh man... can you imagine the IT group at work managing these passwords on a domain controller?
"No Bob! I set your password to Red Firefox, Blue Internet Explorer, Gray Firewire, GREEN Slime.... not YELLOW slime... don't make me set your password to 45 Microsoft icons again..."
- acidzebra, on 10/12/2007, -1/+1
The idea is cute if not new, but why bother with XP? It's like having a heavy padlock on a paper door.
- PlancksCnst, on 10/12/2007, -0/+0
@silent1:
"Three 'symbols' aren't enough for a secure password."
Actually, they may be. The information you would send to the authentication server is the order of the icons (all the icons), and the location of the click. The server can then figure out if you clicked in the right spot.
- bytefoo, on 10/12/2007, -1/+1
http://www.digg.com/technology/Graphical_passwords_for_better_security
Dupe.
- Punisher2K, on 10/12/2007, -0/+0
Takes way too damn long to find the icons and find where to click. It's an interesting theory but it sucks in practice. I can see this as maybe a backup for a typed password but not a replacement.
Typed password, 1 second
Picture password, Several minutes
- rudinz, on 10/12/2007, -0/+0
Rutgers Rockzz............!!!!!
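
Added example, not part of any comment in this thread and not code from the Rutgers demo: a sketch of the server-side check that trinder and PlancksCnst describe above (find the pass-icons on screen, take their convex hull, accept a click only inside it), with a Monte Carlo estimate of how often blind clicking passes. It covers any number of displayed pass-icons, not just three; the icon names, coordinates, strict-interior rule and uniform-placement model are assumptions made for illustration.

```python
import random

def cross(o, a, b):
    """Z-component of (a - o) x (b - o): > 0 when b is to the left of the ray o -> a."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def convex_hull(points):
    """Andrew's monotone chain; returns hull vertices in counter-clockwise order."""
    pts = sorted(set(points))
    if len(pts) <= 2:
        return pts
    def half(seq):
        chain = []
        for p in seq:
            while len(chain) >= 2 and cross(chain[-2], chain[-1], p) <= 0:
                chain.pop()
            chain.append(p)
        return chain[:-1]
    return half(pts) + half(reversed(pts))

def click_in_hull(click, hull):
    """True only for clicks strictly inside the hull; a click on an edge or on a
    pass-icon itself is rejected, since it would point an observer at the icon."""
    if len(hull) < 3:  # collinear pass-icons enclose no area: fail closed
        return False
    n = len(hull)
    return all(cross(hull[i], hull[(i + 1) % n], click) > 0 for i in range(n))

def verify_challenge(pass_icons, layout, click):
    """pass_icons: the account's secret set; layout: icon name -> (x, y) on this screen."""
    shown = [pos for name, pos in layout.items() if name in pass_icons]
    return click_in_hull(click, convex_hull(shown))

def blind_guess_rate(rounds, trials=20000, seed=1):
    """Monte Carlo estimate of a uniformly random clicker passing `rounds` challenges
    in a row, assuming three pass-icons placed uniformly at random on a unit screen."""
    rng = random.Random(seed)
    def one_round():
        tri = [(rng.random(), rng.random()) for _ in range(3)]
        return click_in_hull((rng.random(), rng.random()), convex_hull(tri))
    wins = sum(all(one_round() for _ in range(rounds)) for _ in range(trials))
    return wins / trials

# Constructed sample: the account holds four pass-icons, three of which are on screen.
SAMPLE_PASS_ICONS = {"fox", "hand", "dots", "rabbit"}
SAMPLE_LAYOUT = {"fox": (0, 0), "hand": (4, 0), "dots": (0, 4),
                 "clock": (3, 3), "leaf": (1, 1), "orb": (2, 5)}

if __name__ == "__main__":
    print(verify_challenge(SAMPLE_PASS_ICONS, SAMPLE_LAYOUT, (1, 1)))  # inside
    print(verify_challenge(SAMPLE_PASS_ICONS, SAMPLE_LAYOUT, (3, 3)))  # outside
    print(blind_guess_rate(1), blind_guess_rate(3))
```

Under this placement model a single blind click lands inside the triangle roughly one time in thirteen, so the per-login guess resistance comes from repeating the challenge and from limiting failed attempts.
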
- Banshie, on 10/12/2007, -0/+0
If this works this would be awesome
- GreenTentacle, on 10/12/2007, -0/+0
Makes me so proud of my alma mater.
- dkarlson, on 10/12/2007, -0/+0
Very cool. I'd been hearing for awhile now that this was a much better solution than remembering traditional passwords -- but I'd never seen it in action. The only possible downside that I can see is the necessity of keeping your password selections out of public view...but it's probably as risky as entering your traditional password in front of someone.
- kev26, on 10/12/2007, -0/+0
I think this concept is really cool and it will be the way things will end up going. Yes, it is slow, but once you practise a bit and get used to the concept you get much faster at entering the 'password'.
Also, it is a proven fact that pictures are easier to remember compared to letters. Remember that a good password is a bunch of random letters, numbers and characters. If you have a set of 5 pictures to remember versus a strong password of 10 characters it will be a lot easier.
Just my 2 cents
- towsonu2003, on 10/12/2007, -0/+0
lame and windows-only.
- Adoozie, on 10/12/2007, -0/+0
Seems like if a person was able to grab enough photographs or screen shots as a person made their selections, deducing the "password" would be relatively simple...
- quink, on 10/12/2007, -0/+0
This is not for schizophrenic people. It took me 2 minutes to do this, and I still got 3 clicks wrong. This sucks donkeyballs.
- Agret, on 10/12/2007, -0/+0
Sloowwww but I set to 3 instead of the default 12, still took a good minute.
---------------------------
Graphical Password
---------------------------
LOGIN SUCCESSFUL! Click OK to start another session. Good clicks: 3. Failed clicks: 0. Good Logins: 1. Failed Logins: 0. Session Time: 49.64062 (s). Challenge Average: 13.3 (s)
---------------------------
OK
---------------------------
- cbreaker, on 10/12/2007, -0/+0
Maybe for a high security system this could be worthwhile. It's certainly a good idea and good ideas like this lead to even better things in the future.
- trix911, on 10/12/2007, -0/+0
@bytefoo
- detroitsux, on 10/12/2007, -0/+0
Not an incredibly new idea, but this is just an indication that we're coming closer to seeing it used in the mainstream. It's just a matter of time, money, a couple of good implementations, and some marketing. Digg.
- Sblader5, on 10/12/2007, -0/+0
Yea, I was looking for those icons too
- Skrolnik, on 10/12/2007, -0/+0
I'd like to point out that there's nothing that says that you have to use icons for this kind of setup. All you need are a set of symbols readily distinguishable from each other. Your library of "icons" that you pick from to choose your password could just as easily be standard alphanumeric characters, in different colors. Instead of looking for "firefox", "acrobat", "notepad", you might be looking for d in red, i in white, and g in blue.
- dynomike, on 10/12/2007, -0/+0
Does anyone know where a guy can get those orb icons?
- DJNewStyle, on 10/12/2007, -0/+0
Fingerprint recognition seems to be the best way.. unless you lose that finger tip in an accident somehow. Then you wouldn't be able to log into spunkmouth.com - and that would just ruin your weekend.
HOO RAH HOO RAH RUTGERS RAH!
/obligatory rutgers cheer.
- MikeCampo, on 10/12/2007, -0/+0
This concept is way too slow for passwords. It may be useful for places that require top notch security, but who would have the time to watch floating icons form a password triangle over and over...
- jeolmeun, on 10/12/2007, -0/+0
Or you can get an on screen keyboard and click keys.
- wael, on 10/12/2007, -0/+0
Biometric authentication is the "future" of passwords. This seems more like a gimmick.
Imagine doing all this clicking in an airport lounge! Definitely not secure enough.
- PlancksCnst, on 10/12/2007, -0/+0
@cwcheang
I understand there all different. (I did that just to piss you off) Do you understand the concept of MUSCLE MEMORY? That was obviously a quick comment with no real arguments, which I would not have proofread.
- PlancksCnst, on 10/12/2007, -1/+0
@tr176:
What the hell is you're problem? I've seen you post that on other stories.
- kiwimonk, on 10/12/2007, -1/+0
You're better off with numbers
- laser314, on 10/12/2007, -1/+0
100% CPU usage of a 1.3GHz P4 just to login? Who at MS came up with this one?
- cwcheang, on 10/12/2007, -2/+0
planckscnst,
you're
YOUR
their
there
they're
THEY'RE all different.
- dlogic, on 10/12/2007, -3/+0
can't be the future of passwords cuz of Public viewing...........
- Tr176, on 10/12/2007, -6/+0
Private Sub Form_Click()
'Grades
'Aly Baer
'12-14-05
'Make a list of students and their grades.
'Declare Variables
10 Dim name1 As String, name2 As String, name As String, letter As String, highname As String, lowname As String
20 Dim grade1 As Integer, grade2 As Integer, grade As Integer, highgrade As Integer, lowgrade As Integer
'Print statements and initialize variables
100 Printer.Print "GRADES FOR Aly Baer's CLASS"
110 Printer.Print
120 Printer.Print "Name", "Grade", "Comment"
130 highgrade = 0
140 lowgrade = 100
'Assignment Statements
200 name1 = InputBox("What is the student's first name?(If done, hit enter.)", "Student's first name", "done")
205 If name1 = "done" Then GoTo 1000
210 name2 = InputBox("What is the student's last name?", "Studnent's last name")
215 name = name1 + " " + name2
220 grade1 = InputBox("What is the student's first grade?", "Studnent's first grade")
230 grade2 = InputBox("What is the student's second grade?", "Studnent's second grade")
240 grade = (grade1 + grade2) / 2
244 If grade > 100 Then grade = 100
245 If grade > highgrade Then highgrade = grade: highname = name
246 If grade < lowgrade Then lowgrade = grade: lowname = name
250 If grade >= 92 Then GoTo 300
260 If grade >= 85 Then GoTo 400
270 If grade >= 75 Then GoTo 500
280 If grade >= 70 Then GoTo 600
290 If grade >= 0 Then GoTo 700
300 letter = "A"
310 Printer.Print name, grade; letter, name1; " "; "is doing oustanding work."
320 GoTo 200
400 letter = "B"
410 Printer.Print name, grade; letter, name1; " "; "is doing good work."
420 GoTo 200
500 letter = "c"
510 Printer.Print name, grade; letter, name1; " "; "is not achieving at a satisfactory level."
520 GoTo 200
600 letter = "D"
610 Printer.Print name, grade; letter, name1; " "; "is nearly failing."
620 GoTo 200
700 letter = "F"
710 Printer.Print name, grade; letter, name1; " "; "is not passing this subject."
720 GoTo 200
1000 Printer.Print
1010 Printer.Print highname; " "; "had the high average of"; " "; highgrade; "."
1020 Printer.Print lowname; " "; "had the low average of"; " "; lowgrade; "."
1030 Printer.Print
1040 Printer.Print "End of Roster."
End Sub
- Tr176, on 10/12/2007, -6/+0
Private Sub Form_Click()
'Teams
'Aly Baer
'1-5-06
'Make a list of each team's players and scores.
'Declare Variables
10 Dim name As String, highteam As String, teamname As String
20 Dim score As Integer, teamscore As Integer, highscore
'Print Statements
100 Printer.Print "PUNCH ME RESULTS FROM Aly Baer's WIRE SEVICE"
120 Printer.Print
'Assignment Statements
200 teamname = InputBox("What is the Team Name?(If done, hit enter)", "Team Name", "done")
205 If teamname = "done" Then GoTo 1000
206 Printer.Print "Players on the "; teamname
210 name = InputBox("What is the player's name?(If done, hit enter.)", "Player's Name", "done")
215 If name = "done" Then GoTo 300
220 score = InputBox("What was the player's score?", "Player's Score")
230 Printer.Print name; " ("; score; ")",
240 GoTo 210
300 Printer.Print
305 teamscore = InputBox("What is the team score?", "Team score")
310 highscore = InputBox("What is the High Individual Score?", "High Individual Score")
320 If teamscore >= 30 Then GoTo 350
330 If highscore >= 15 Then GoTo 420
340 Printer.Print "The team did not do well, and no players had a respectable game."
345 GoTo 200
350 If highscore >= 15 Then GoTo 400
360 Printer.Print "The team did well, but no players had a respactable game."
370 GoTo 200
400 Printer.Print "The team did well, and the high scorer had a respectable game."
410 GoTo 200
420 Printer.Print "The team did not do well, but one player had a respectable game."
430 GoTo 200
1000 Printer.Print
1010 Printer.Print "No other teams participated."
End Sub

